David Jacoby, senior security researcher at Kaspersky, reported that data hacking is a major threat and this applies at both an individual and societal level. In light of cyber attacks, some companies have taken novel steps to try to thwart credential stuffing attacks against their users by obtaining the breached data themselves and cross referencing it against their own database.
Mitsubishi Heavy Industries signed a letter of intent to enter the Charter of Trust for Cyber-security in Tokyo. The membership will be finalized by the end of September, 2019. As the 17th Charter partner, MHI will become the first Asian company to join the global cyber-security initiative. Initiated by Siemens, the Charter of Trust calls for binding rules and standards to build trust in cyber-security and boost digitalization.
ABS launches the FCI Cyber Risk Model that enables the maritime cyber security risk to be more accurately measured. This methodology was developed by ABS Advanced Solutions. With the FCI Risk Model, one can measure and quantify risks based on critical functions, interconnections and identities that access those critical functions through digital connections.
The International Maritime Bureau announced that it has launched a new initiative aiming to mitigate bills of lading fraud conducted by non-vessel owning common carriers (NVOCCs). The IMB NVOCC Register provides a business solution to a business problem impacting parties involved in international shipping and trade.
During the 2019 SMART4SEA Conference, Isidoros Monogioudis, Senior Security Architect, Digital Shadows, presented the current landscape surrounding maritime cyber threat. In his presentation, he divided the attack surface in two big areas: Threat to maritime vessels and threat to the wider sector.
US Coast Guard published a Bulletin concerning a cyber incident that occurred on a commercial vessel. The paper aims to inform possible victims how to prevent cyber attacks and also provides additional information on who to inform if one is under attack. USCG’s National Response Centre (NRC) remains the primary contact for notifications concerning SAs and BoSs, including cyber.
The emerging risk associated with cyber threat requires not only better training for seafarers, but also spreading awareness of best cyber security practices, argued Peter Broadhurst, Senior VP of Safety and Security, Inmarsat Maritime, adding that there is still ‘a long way to go’ when it comes to effective cyber protection.
The Dutch National Port Security Reporting Point for security incidents recently warned against criminals who ‘spoof’ or ‘clone’ legitimate websites. This is the counterfeiting of websites or e-mail addresses for fraudulent activities. The criminals are mainly looking for money and possibly data from companies doing business in the port.
Several hackers are pretending to be high-level executives in the shipping industry to launch ‘whaling attacks’. These attacks aim to steal credentials or even compromise the system. These hackers are targeting various types of employees with social-engineering. Whaling attacks are not new, but they grow, with the FBI noting that these attacks resulted in losses of more than $12.5 billion during 2018.
A little after BIMCO published the new guidelines to improve cyber security, secureworld provides further insight on how ships can be hacked. Namely, modern ships are floating computer networks and have more and more systems that can be compromised. The most characteristic example are cruise ships. On these ships Wi-Fi works most of the time, increasing the risk of cyber attacks.
